package org.example.config;

import jakarta.annotation.Resource;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.SecurityWebFiltersOrder;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
@Configuration
@EnableWebFluxSecurity
public class SecurityConfig {
    @Resource
    LoginReactiveAuthenticationManager loginReactiveAuthenticationManager;
    @Resource
    AccessReactiveAuthorizationManager accessReactiveAuthorizationManager;
    @Resource
    TokenFilter tokenFilter;
    @Bean
    public SecurityWebFilterChain securityWebFilterChain(ServerHttpSecurity http){
        return http
                .csrf(csrf -> csrf.disable())     //完全禁用csrf
                .authenticationManager(loginReactiveAuthenticationManager)
                //放行所有请求，由JwtAuthFilter控制权限
                .authorizeExchange(ex -> ex
                        .pathMatchers("/auth/login").permitAll()
                        .anyExchange()
                        .access(accessReactiveAuthorizationManager)
                )
                .addFilterAt(tokenFilter, SecurityWebFiltersOrder.HTTP_BASIC)    //注册令牌过滤器
                .csrf().disable()
                .httpBasic().disable()   //关闭基本认证
                .formLogin().disable()
                .build();
    }
}
